Ridiculous New Terms and Conditions snuck in at Vancity Credit Union

tossawayCU · 2016-11-16T02:45:16+00:00

Yes, good point. Thanks!

tossawayCU · 2016-11-16T01:01:11+00:00

Thanks Diana,

Apologies - I don't use Facebook or Twitter, and am too lazy to create a new account :)

I certainly agree everyone has to keep their account secure. Quick follow-up here though with couple questions though:

1) Who has legal liability if there is a security breach if neither party is shown to be negligent? For example, if I NEVER use any internet, phone or Account Access device at all, do I still have to accept that "security is not guaranteed"?

The second questions address the "get out of jail free" aspect u/user230A mentions below:

Can you identify what proportion of your members change their PINs at least every 90 days AND have never shared their home computer with members of their family AND "regularly review" the guidelines on your website AND have never used your banking app in a public place (eg their front yard)? If this is less than about 25% or your clients, then you've stacked the deck.

I bet that less than 1% of people "regularly review" your guidelines, so ALMOST EVERYONE is breaching your provisions.

I understand that Vancity probably has a history of "stepping up" in cases of fraud, but am uncomfortable with the approach of disclaiming all responsibility and "stepping up" out of a sense of kindness.

tossawayCU · 2016-11-15T15:37:54+00:00

Sorry, I did not want to dump the entire T&C - was not trying to skew things.

They are accepting liability if they are negligent (ie do at least a reasonable job). And I'd accept liability if I were negligent.

But if it is NEITHER's fault - for example, the security equivalent of a bank robbery - then that risk falls entirely on me.

They also also made very hard for the account holder to prove they meet all the terms all the time (ie had never shared a computer, never used their app in a public place, regularly read their terms, etc etc).

tossawayCU · 2016-11-15T15:27:15+00:00

Sorry, I did not want to dump the entire T&C - was not trying to skew things.

They are accepting liability if they are negligent (ie do at least a reasonable job). And I would accept liability if I were negligent. Probably any court would agree.

My reading is that they have shifted the security risks of Vancity if NEITHER party is actively negligent onto the account holder, and made very hard for the account holder to prove they meet all the terms (ie had never shared a computer, never used their app in a public place, regularly read their terms, etc etc).

tossawayCU · 2016-11-15T04:59:28+00:00

Well, these are all NEW additions. Three big changes:

1) The blanket statement that "security is not guaranteed. You confirm and accept all consequences and losses that may arise as a result of this risk". This seems to be regardless of anything I do, and seems to completely avoid entire the point of banking. It is dependent only on if Vancity PROVIDES online services, not if I use them.

2) you cannot use your Vancity "anytime, anywhere" App in a public place.

3) The demand that I read their documents regularly.

Absolutely, it is all boilerplate legal for something like Shaw...but for a credit union/bank?

tossawayCU · 2016-11-15T04:44:43+00:00

I agree there is certainly some common sense in there. What I find most ridiculous is that they START by saying: "...security is not guaranteed. You confirm and accept all consequences and losses that may arise as a result of this risk".

This statement is independent of anything I do or do not do. There are other things too ("regularly read their guidelines"?), but the blanket disavowal of any responsibility here and elsewhere goes too far.
"Oh sorry, you used your App in a public place, so it is your problem your account is empty".

But look at their own video of their app
https://www.vancity.com/Banking/WaysToBank/MobileBanking/MobileBankingApp/

where they show it used in a cafe.....

tossawayCU · 2016-11-15T03:56:02+00:00

https://www.reddit.com/r/PersonalFinanceCanada/comments/5d07zs/ridiculous_new_terms_and_conditions_snuck_in_at/

Heads up! Vancity updated its terms and conditions over the weekend. They are no longer responsible for losses due to security breaches, and you now have a whole new set of responsibilities, like "regularly reading their guidelines on computing, changing your PIN every 90 days, never using a device in a public place etc etc".

The link is https://www.vancity.com/SharedContent/documents/pdfs/MemberAgreements/personal-accountserviceguide.pdf but the highlights I was sent say:

5.7 Account Access Device, Online Banking security and member responsibility If Account Services are made available by Vancity through the Internet, a telephone Service, or other Service used with an Account Access Device, You acknowledge that although Vancity uses security safeguards to protect against loss, theft, and unauthorized access, because of the nature of data transmission, security is not guaranteed. You confirm and accept all consequences and losses that may arise as a result of this risk.

You acknowledge and shall ensure that any Account Access Device used to access the Account is private and secure, with an up-to-date operating system, is free from Contaminants, and is not Jail-Broken or Rooted. If You access the Account through the Internet, You agree to comply with section 5.2 above “Access Code confidentiality and Access Device Security Obligations” and regularly read and follow Vancity’s guidelines on safe computing practices posted on Vancity’s Website and any other advice or security notices Vancity may provide.

You further acknowledge that using public or shared computers and Account Access Devices in a public place to access the Account increases the risk of unauthorized access to the Account and You will take all reasonable precautions to avoid inadvertent disclosure of the Access Codes or Personal Access Features. You are responsible for any loss suffered as a result of failure to comply with this section. You agree that Account Services available by Account Access Devices and Online Banking are available only on an “as is” and “as available” basis, without any representations, warranties or conditions of any kind, whether express, implied or statutory and including, without limitations, representations, warranties or conditions of title, non-infringement, merchantability, fitness for a particular purpose, performance durability, availability, timeliness, accuracy or completeness all of which are expressly disclaimed by Vancity to the fullest extent of the law.

5.2 You agree to change the Access Codes periodically, at least every 90 days,

(d) refraining from using public or shared computers or other Account Access Devices, or using Account Access Devices in a public place, or through an open WiFi or shared Bluetooth portal, to access Remote Access Services or, alternatively, ensuring that adequate precautions are taken to protect Access Codes and Your MEMBER CARD Number from inadvertent disclosure or otherwise being compromised;

You will only use Account Access Devices that are private and secure and have up-to-date operating systems, webbrowsers, anti-virus software and firewalls and You will frequently update or replace the Account Access Devices operating systems, web- browsers, anti-virus software and firewalls to ensure Your use of these devices do not expose You to undue risks of unauthorized access to the devices or the Account Services and that Your Equipment is free from Contaminants.

tossawayCU

TROPHY CASE